Release preparation for version 2.13.4

2025-12-17 01:03:14 +01:00 · 2023-06-08 19:57:37 +00:00
parent e8b12ce416
commit e4be303a23
121 changed files with 425 additions and 224 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,11 @@
 ## 0.7.3
 ### Minor Analysis Improvements
 * Deleted the deprecated `hasCopyConstructor` predicate from the `Class` class in `Class.qll`.
 * Deleted many deprecated predicates and classes with uppercase `AST`, `SSA`, `CFG`, `API`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `CodeDuplication.qll` file.
 ## 0.7.2
 ### New Features
--- a/cpp/ql/lib/change-notes/2022-08-06-delete-deps.md
+++ b/cpp/ql/lib/change-notes/2022-08-06-delete-deps.md
@@ -1,6 +1,7 @@
---
+## 0.7.3
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Deleted the deprecated `hasCopyConstructor` predicate from the `Class` class in `Class.qll`.
 * Deleted many deprecated predicates and classes with uppercase `AST`, `SSA`, `CFG`, `API`, etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `CodeDuplication.qll` file.
+* Deleted the deprecated `CodeDuplication.qll` file.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.2
+lastReleaseVersion: 0.7.3
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.7.3-dev
+version: 0.7.3
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.6.3
 ### New Queries
 * Added a new query, `cpp/overrun-write`, to detect buffer overflows in C-style functions that manipulate buffers.
 ## 0.6.2
 No user-facing changes.
--- a/cpp/ql/src/change-notes/2023-05-24-overrun-write-query.md
+++ b/cpp/ql/src/change-notes/2023-05-24-overrun-write-query.md
@@ -1,4 +1,5 @@
---
+## 0.6.3
-category: newQuery
+
---
+### New Queries
 * Added a new query, `cpp/overrun-write`, to detect buffer overflows in C-style functions that manipulate buffers.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.6.3-dev
+version: 0.6.3
 groups: 
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.5.3
 No user-facing changes.
 ## 1.5.2
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.3.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.3.md
@@ -0,0 +1,3 @@
 ## 1.5.3
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.2
+lastReleaseVersion: 1.5.3
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.5.3-dev
+version: 1.5.3
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.5.3
 No user-facing changes.
 ## 1.5.2
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.3.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.3.md
@@ -0,0 +1,3 @@
 ## 1.5.3
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.2
+lastReleaseVersion: 1.5.3
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.5.3-dev
+version: 1.5.3
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,24 @@
 ## 0.6.3
 ### Major Analysis Improvements
 * The extractor has been changed to run after the traced compiler call. This allows inspecting compiler generated files, such as the output of source generators. With this change, `.cshtml` files and their generated `.cshtml.g.cs` counterparts are extracted on dotnet 6 and above.
 ### Minor Analysis Improvements
 * C#: Analysis of the `dotnet test` command supplied with a `dll` or `exe` file as argument no longer fails due to the addition of an erroneous `-p:SharedCompilation=false` argument.
 * Deleted the deprecated `WebConfigXML`, `ConfigurationXMLElement`, `LocationXMLElement`, `SystemWebXMLElement`, `SystemWebServerXMLElement`, `CustomErrorsXMLElement`, and `HttpRuntimeXMLElement` classes from `WebConfig.qll`. The non-deprecated names with PascalCased Xml suffixes should be used instead.
 * Deleted the deprecated `Record` class from both `Types.qll` and `Type.qll`.
 * Deleted the deprecated `StructuralComparisonConfiguration` class from `StructuralComparison.qll`, use `sameGvn` instead.
 * Deleted the deprecated `isParameterOf` predicate from the `ParameterNode` class.
 * Deleted the deprecated `SafeExternalAPICallable`, `ExternalAPIDataNode`, `UntrustedDataToExternalAPIConfig`, `UntrustedExternalAPIDataNode`, and `ExternalAPIUsedWithUntrustedData` classes from `ExternalAPIsQuery.qll`. The non-deprecated names with PascalCased Api suffixes should be used instead.
 * Updated the following C# sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
  * `code` to `code-injection`
  * `sql` to `sql-injection`
  * `html` to `html-injection`
  * `xss` to `js-injection`
  * `remote` to `file-content-store`
 ## 0.6.2
 ### Minor Analysis Improvements
--- a/csharp/ql/lib/change-notes/2023-05-17-update-csharp-sink-kinds.md
+++ b/csharp/ql/lib/change-notes/2023-05-17-update-csharp-sink-kinds.md
@@ -1,9 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Updated the following C# sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
  * `code` to `code-injection`
  * `sql` to `sql-injection`
  * `html` to `html-injection`
  * `xss` to `js-injection`
  * `remote` to `file-content-store`
--- a/csharp/ql/lib/change-notes/2023-05-30-source-generators.md
+++ b/csharp/ql/lib/change-notes/2023-05-30-source-generators.md
@@ -1,4 +0,0 @@
 ---
 category: majorAnalysis
 ---
 * The extractor has been changed to run after the traced compiler call. This allows inspecting compiler generated files, such as the output of source generators. With this change, `.cshtml` files and their generated `.cshtml.g.cs` counterparts are extracted on dotnet 6 and above.
--- a/csharp/ql/lib/change-notes/2023-06-06-dotnettest.md
+++ b/csharp/ql/lib/change-notes/2023-06-06-dotnettest.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * C#: Analysis of the `dotnet test` command supplied with a `dll` or `exe` file as argument no longer fails due to the addition of an erroneous `-p:SharedCompilation=false` argument.
--- a/csharp/ql/lib/change-notes/2023-06-02-delete-deps.md
+++ b/csharp/ql/lib/change-notes/2023-06-02-delete-deps.md
@@ -1,8 +1,20 @@
---
+## 0.6.3
-category: minorAnalysis
+
---
+### Major Analysis Improvements
 * The extractor has been changed to run after the traced compiler call. This allows inspecting compiler generated files, such as the output of source generators. With this change, `.cshtml` files and their generated `.cshtml.g.cs` counterparts are extracted on dotnet 6 and above.
 ### Minor Analysis Improvements
 * C#: Analysis of the `dotnet test` command supplied with a `dll` or `exe` file as argument no longer fails due to the addition of an erroneous `-p:SharedCompilation=false` argument.
 * Deleted the deprecated `WebConfigXML`, `ConfigurationXMLElement`, `LocationXMLElement`, `SystemWebXMLElement`, `SystemWebServerXMLElement`, `CustomErrorsXMLElement`, and `HttpRuntimeXMLElement` classes from `WebConfig.qll`. The non-deprecated names with PascalCased Xml suffixes should be used instead.
 * Deleted the deprecated `Record` class from both `Types.qll` and `Type.qll`.
 * Deleted the deprecated `StructuralComparisonConfiguration` class from `StructuralComparison.qll`, use `sameGvn` instead.
 * Deleted the deprecated `isParameterOf` predicate from the `ParameterNode` class.
 * Deleted the deprecated `SafeExternalAPICallable`, `ExternalAPIDataNode`, `UntrustedDataToExternalAPIConfig`, `UntrustedExternalAPIDataNode`, and `ExternalAPIUsedWithUntrustedData` classes from `ExternalAPIsQuery.qll`. The non-deprecated names with PascalCased Api suffixes should be used instead.
 * Updated the following C# sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
  * `code` to `code-injection`
  * `sql` to `sql-injection`
  * `html` to `html-injection`
  * `xss` to `js-injection`
  * `remote` to `file-content-store`
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.6.3-dev
+version: 0.6.3
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.6.3
 No user-facing changes.
 ## 0.6.2
 No user-facing changes.
--- a/csharp/ql/src/change-notes/released/0.6.3.md
+++ b/csharp/ql/src/change-notes/released/0.6.3.md
@@ -0,0 +1,3 @@
 ## 0.6.3
 No user-facing changes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.6.3-dev
+version: 0.6.3
 groups: 
  - csharp
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.5.3
 No user-facing changes.
 ## 0.5.2
 ### Minor Analysis Improvements
--- a/go/ql/lib/change-notes/released/0.5.3.md
+++ b/go/ql/lib/change-notes/released/0.5.3.md
@@ -0,0 +1,3 @@
 ## 0.5.3
 No user-facing changes.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.5.3-dev
+version: 0.5.3
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.5.3
 No user-facing changes.
 ## 0.5.2
 No user-facing changes.
--- a/go/ql/src/change-notes/released/0.5.3.md
+++ b/go/ql/src/change-notes/released/0.5.3.md
@@ -0,0 +1,3 @@
 ## 0.5.3
 No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.5.3-dev
+version: 0.5.3
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,61 @@
 ## 0.6.3
 ### New Features
 * Kotlin versions up to 1.9.0 are now supported.
 ### Minor Analysis Improvements
 * Added flow through the block arguments of `kotlin.io.use` and `kotlin.with`.
 * Added models for the following packages:
  * com.alibaba.druid.sql
  * com.fasterxml.jackson.databind
  * com.jcraft.jsch
  * io.netty.handler.ssl
  * okhttp3
  * org.antlr.runtime
  * org.fusesource.leveldbjni
  * org.influxdb
  * org.springframework.core.io
  * org.yaml.snakeyaml
 * Deleted the deprecated `getRHS` predicate from the `LValue` class, use `getRhs` instead.
 * Deleted the deprecated `getCFGNode` predicate from the `SsaVariable` class, use `getCfgNode` instead.
 * Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
 * Added models for the following packages:
  * java.lang
  * java.nio.file
 * Added dataflow models for the Gson deserialization library.
 * Added models for the following packages:
  * okhttp3
 * Added more dataflow models for the Play Framework.
 Modified the models related to `java.nio.file.Files.copy` so that generic `[Input|Output]Stream` arguments are not considered file-related sinks.
 * Dataflow analysis has a new flow step through constructors of transitive subtypes of `java.io.InputStream` that wrap an underlying data source. Previously, the step only existed for direct subtypes of `java.io.InputStream`.
 * Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kind `path-injection`.
 * Updated the regular expression in the `HostnameSanitizer` sanitizer in the `semmle.code.java.security.RequestForgery` library to better detect strings prefixed with a hostname.
 * Changed the `android-widget` Java source kind to `remote`. Any custom data extensions that use the `android-widget` source kind will need to be updated accordingly in order to continue working.
 * Updated the following Java sink kind names. Any custom data extensions will need to be updated accordingly in order to continue working.
  * `sql` to `sql-injection`
  * `url-redirect` to `url-redirection`
  * `xpath` to `xpath-injection`
  * `ssti` to `template-injection`
  * `logging` to `log-injection`
  * `groovy` to `groovy-injection`
  * `jexl` to `jexl-injection`
  * `mvel` to `mvel-injection`
  * `xslt` to `xslt-injection`
  * `ldap` to `ldap-injection`
  * `pending-intent-sent` to `pending-intents`
  * `intent-start` to `intent-redirection`
  * `set-hostname-verifier` to `hostname-verification`
  * `header-splitting` to `response-splitting`
  * `xss` to `html-injection` and `js-injection`
  * `write-file` to `file-system-store`
  * `create-file` and `read-file` to `path-injection`
  * `open-url` and `jdbc-url` to `request-forgery`
 ## 0.6.2
 ### Minor Analysis Improvements
--- a/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md
+++ b/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md
@@ -1,22 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Updated the following Java sink kind names. Any custom data extensions will need to be updated accordingly in order to continue working.
  * `sql` to `sql-injection`
  * `url-redirect` to `url-redirection`
  * `xpath` to `xpath-injection`
  * `ssti` to `template-injection`
  * `logging` to `log-injection`
  * `groovy` to `groovy-injection`
  * `jexl` to `jexl-injection`
  * `mvel` to `mvel-injection`
  * `xslt` to `xslt-injection`
  * `ldap` to `ldap-injection`
  * `pending-intent-sent` to `pending-intents`
  * `intent-start` to `intent-redirection`
  * `set-hostname-verifier` to `hostname-verification`
  * `header-splitting` to `response-splitting`
  * `xss` to `html-injection` and `js-injection`
  * `write-file` to `file-system-store`
  * `create-file` and `read-file` to `path-injection`
  * `open-url` and `jdbc-url` to `request-forgery`
--- a/java/ql/lib/change-notes/2023-05-12-androidwidget-source-kind-to-remote.md
+++ b/java/ql/lib/change-notes/2023-05-12-androidwidget-source-kind-to-remote.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Changed the `android-widget` Java source kind to `remote`. Any custom data extensions that use the `android-widget` source kind will need to be updated accordingly in order to continue working.
--- a/java/ql/lib/change-notes/2023-05-17-change-hostnamesanitizingprefix-regex.md
+++ b/java/ql/lib/change-notes/2023-05-17-change-hostnamesanitizingprefix-regex.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Updated the regular expression in the `HostnameSanitizer` sanitizer in the `semmle.code.java.security.RequestForgery` library to better detect strings prefixed with a hostname.
--- a/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md
+++ b/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kind `path-injection`.
--- a/java/ql/lib/change-notes/2023-05-22-inputstreamwrapper-transitive.md
+++ b/java/ql/lib/change-notes/2023-05-22-inputstreamwrapper-transitive.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Dataflow analysis has a new flow step through constructors of transitive subtypes of `java.io.InputStream` that wrap an underlying data source. Previously, the step only existed for direct subtypes of `java.io.InputStream`.
--- a/java/ql/lib/change-notes/2023-05-23-java-nio-file-files-copy-models-tweak.md
+++ b/java/ql/lib/change-notes/2023-05-23-java-nio-file-files-copy-models-tweak.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 Modified the models related to `java.nio.file.Files.copy` so that generic `[Input|Output]Stream` arguments are not considered file-related sinks.
--- a/java/ql/lib/change-notes/2023-05-24-kotlin-1.9.0.md
+++ b/java/ql/lib/change-notes/2023-05-24-kotlin-1.9.0.md
@@ -1,4 +0,0 @@
 ---
 category: feature
 ---
 * Kotlin versions up to 1.9.0 are now supported.
--- a/java/ql/lib/change-notes/2023-05-26-play-framework-models.md
+++ b/java/ql/lib/change-notes/2023-05-26-play-framework-models.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added more dataflow models for the Play Framework.
--- a/java/ql/lib/change-notes/2023-05-30-gson-models.md
+++ b/java/ql/lib/change-notes/2023-05-30-gson-models.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added dataflow models for the Gson deserialization library.
--- a/java/ql/lib/change-notes/2023-05-30-new-models.md
+++ b/java/ql/lib/change-notes/2023-05-30-new-models.md
@@ -1,6 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added models for the following packages:
  * okhttp3
--- a/java/ql/lib/change-notes/2023-06-01-new-models.md
+++ b/java/ql/lib/change-notes/2023-06-01-new-models.md
@@ -1,7 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added models for the following packages:
  * java.lang
  * java.nio.file
--- a/java/ql/lib/change-notes/2023-06-02-delete-deps.md
+++ b/java/ql/lib/change-notes/2023-06-02-delete-deps.md
@@ -1,6 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Deleted the deprecated `getRHS` predicate from the `LValue` class, use `getRhs` instead.
 * Deleted the deprecated `getCFGNode` predicate from the `SsaVariable` class, use `getCfgNode` instead.
 * Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
--- a/java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md
+++ b/java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added flow through the block arguments of `kotlin.io.use` and `kotlin.with`.
--- a/java/ql/lib/change-notes/2023-06-06-new-models.md
+++ b/java/ql/lib/change-notes/2023-06-06-new-models.md
@@ -1,15 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Added models for the following packages:
  * com.alibaba.druid.sql
  * com.fasterxml.jackson.databind
  * com.jcraft.jsch
  * io.netty.handler.ssl
  * okhttp3
  * org.antlr.runtime
  * org.fusesource.leveldbjni
  * org.influxdb
  * org.springframework.core.io
  * org.yaml.snakeyaml
--- a/java/ql/lib/change-notes/released/0.6.3.md
+++ b/java/ql/lib/change-notes/released/0.6.3.md
@@ -0,0 +1,57 @@
 ## 0.6.3
 ### New Features
 * Kotlin versions up to 1.9.0 are now supported.
 ### Minor Analysis Improvements
 * Added flow through the block arguments of `kotlin.io.use` and `kotlin.with`.
 * Added models for the following packages:
  * com.alibaba.druid.sql
  * com.fasterxml.jackson.databind
  * com.jcraft.jsch
  * io.netty.handler.ssl
  * okhttp3
  * org.antlr.runtime
  * org.fusesource.leveldbjni
  * org.influxdb
  * org.springframework.core.io
  * org.yaml.snakeyaml
 * Deleted the deprecated `getRHS` predicate from the `LValue` class, use `getRhs` instead.
 * Deleted the deprecated `getCFGNode` predicate from the `SsaVariable` class, use `getCfgNode` instead.
 * Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
 * Added models for the following packages:
  * java.lang
  * java.nio.file
 * Added dataflow models for the Gson deserialization library.
 * Added models for the following packages:
  * okhttp3
 * Added more dataflow models for the Play Framework.
 Modified the models related to `java.nio.file.Files.copy` so that generic `[Input|Output]Stream` arguments are not considered file-related sinks.
 * Dataflow analysis has a new flow step through constructors of transitive subtypes of `java.io.InputStream` that wrap an underlying data source. Previously, the step only existed for direct subtypes of `java.io.InputStream`.
 * Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kind `path-injection`.
 * Updated the regular expression in the `HostnameSanitizer` sanitizer in the `semmle.code.java.security.RequestForgery` library to better detect strings prefixed with a hostname.
 * Changed the `android-widget` Java source kind to `remote`. Any custom data extensions that use the `android-widget` source kind will need to be updated accordingly in order to continue working.
 * Updated the following Java sink kind names. Any custom data extensions will need to be updated accordingly in order to continue working.
  * `sql` to `sql-injection`
  * `url-redirect` to `url-redirection`
  * `xpath` to `xpath-injection`
  * `ssti` to `template-injection`
  * `logging` to `log-injection`
  * `groovy` to `groovy-injection`
  * `jexl` to `jexl-injection`
  * `mvel` to `mvel-injection`
  * `xslt` to `xslt-injection`
  * `ldap` to `ldap-injection`
  * `pending-intent-sent` to `pending-intents`
  * `intent-start` to `intent-redirection`
  * `set-hostname-verifier` to `hostname-verification`
  * `header-splitting` to `response-splitting`
  * `xss` to `html-injection` and `js-injection`
  * `write-file` to `file-system-store`
  * `create-file` and `read-file` to `path-injection`
  * `open-url` and `jdbc-url` to `request-forgery`
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.6.3-dev
+version: 0.6.3
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.6.3
 ### Minor Analysis Improvements
 * The `java/summary/lines-of-code` query now only counts lines of Java code. The new `java/summary/lines-of-code-kotlin` counts lines of Kotlin code.
 ## 0.6.2
 ### Minor Analysis Improvements
--- a/java/ql/src/change-notes/2023-06-05-lines-of-code.md
+++ b/java/ql/src/change-notes/2023-06-05-lines-of-code.md
@@ -1,4 +1,5 @@
---
+## 0.6.3
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * The `java/summary/lines-of-code` query now only counts lines of Java code. The new `java/summary/lines-of-code-kotlin` counts lines of Kotlin code.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.6.3-dev
+version: 0.6.3
 groups: 
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,23 @@
 ## 0.6.3
 ### Major Analysis Improvements
 * Added support for TypeScript 5.1.
 ### Minor Analysis Improvements
 * Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `localTaintStep` predicate from `DataFlow.qll`.
 * Deleted the deprecated `stringStep`, and `localTaintStep` predicates from `TaintTracking.qll`.
 * Deleted many modules that started with a lowercase letter. Use the versions that start with an uppercase letter instead.
 * Deleted the deprecated `HtmlInjectionConfiguration` and `JQueryHtmlOrSelectorInjectionConfiguration` classes from `DomBasedXssQuery.qll`, use `Configuration` instead.
 * Deleted the deprecated `DefiningIdentifier` class and the `Definitions.qll` file it was in. Use `SsaDefinition` instead.
 * Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`.
 * Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
  * `command-line-injection` to `command-injection`
  * `credentials[kind]` to `credentials-kind`
 - Added a support of sub modules in `node_modules`.
 ## 0.6.2
 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/2023-04-19-typescript-5-1.md
+++ b/javascript/ql/lib/change-notes/2023-04-19-typescript-5-1.md
@@ -1,4 +0,0 @@
 ---
 category: majorAnalysis
 ---
 * Added support for TypeScript 5.1.
--- a/javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md
+++ b/javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 - Added a support of sub modules in `node_modules`.
--- a/javascript/ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md
+++ b/javascript/ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md
@@ -1,6 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
  * `command-line-injection` to `command-injection`
  * `credentials[kind]` to `credentials-kind`
--- a/javascript/ql/lib/change-notes/2023-06-02-delete-deps.md
+++ b/javascript/ql/lib/change-notes/2023-06-02-delete-deps.md
@@ -1,10 +1,19 @@
---
+## 0.6.3
-category: minorAnalysis
+
---
+### Major Analysis Improvements
 * Added support for TypeScript 5.1.
 ### Minor Analysis Improvements
 * Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `localTaintStep` predicate from `DataFlow.qll`.
 * Deleted the deprecated `stringStep`, and `localTaintStep` predicates from `TaintTracking.qll`.
 * Deleted many modules that started with a lowercase letter. Use the versions that start with an uppercase letter instead.
 * Deleted the deprecated `HtmlInjectionConfiguration` and `JQueryHtmlOrSelectorInjectionConfiguration` classes from `DomBasedXssQuery.qll`, use `Configuration` instead.
 * Deleted the deprecated `DefiningIdentifier` class and the `Definitions.qll` file it was in. Use `SsaDefinition` instead.
-* Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`.
+* Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`.
 * Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
  * `command-line-injection` to `command-injection`
  * `credentials[kind]` to `credentials-kind`
 - Added a support of sub modules in `node_modules`.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.6.3-dev
+version: 0.6.3
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
 ## 0.6.3
 ### Minor Analysis Improvements
 * Fixed an issue where calls to a method named `search` would lead to false positive alerts related to regular expressions.
  This happened when the call was incorrectly seen as a call to `String.prototype.search`, since this function converts its first argument
  to a regular expression. The analysis is now more restrictive about when to treat `search` calls as regular expression sinks.
 ## 0.6.2
 ### Major Analysis Improvements
--- a/javascript/ql/src/change-notes/2023-06-01-restrict-regex-search-function.md
+++ b/javascript/ql/src/change-notes/2023-06-01-restrict-regex-search-function.md
@@ -1,6 +1,7 @@
---
+## 0.6.3
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Fixed an issue where calls to a method named `search` would lead to false positive alerts related to regular expressions.
  This happened when the call was incorrectly seen as a call to `String.prototype.search`, since this function converts its first argument
  to a regular expression. The analysis is now more restrictive about when to treat `search` calls as regular expression sinks.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.6.3-dev
+version: 0.6.3
 groups: 
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.5.3
 No user-facing changes.
 ## 0.5.2
 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/0.5.3.md
+++ b/misc/suite-helpers/change-notes/released/0.5.3.md
@@ -0,0 +1,3 @@
 ## 0.5.3
 No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.2
+lastReleaseVersion: 0.5.3
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.5.3-dev
+version: 0.5.3
 groups: shared
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.9.3
 No user-facing changes.
 ## 0.9.2
 ### Minor Analysis Improvements
--- a/python/ql/lib/change-notes/released/0.9.3.md
+++ b/python/ql/lib/change-notes/released/0.9.3.md
@@ -0,0 +1,3 @@
 ## 0.9.3
 No user-facing changes.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.2
+lastReleaseVersion: 0.9.3
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.9.3-dev
+version: 0.9.3
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 0.7.3
 ### Bug Fixes
 * The display name (`@name`) of the `py/unsafe-deserialization` query has been updated in favor of consistency with other languages.
 ## 0.7.2
 No user-facing changes.
--- a/python/ql/src/change-notes/2023-06-02-unsafe-deserialization-name-update.md
+++ b/python/ql/src/change-notes/2023-06-02-unsafe-deserialization-name-update.md
@@ -1,4 +1,5 @@
---
+## 0.7.3
-category: fix
+
---
+### Bug Fixes
-* The display name (`@name`) of the `py/unsafe-deserialization` query has been updated in favor of consistency with other languages.
+
 * The display name (`@name`) of the `py/unsafe-deserialization` query has been updated in favor of consistency with other languages.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.2
+lastReleaseVersion: 0.7.3
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.7.3-dev
+version: 0.7.3
 groups: 
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
 ## 0.6.3
 ### Minor Analysis Improvements
 * Deleted many deprecated predicates and classes with uppercase `URL`, `XSS`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `getValueText` predicate from the `Expr`, `StringComponent`, and `ExprCfgNode` classes. Use `getConstantValue` instead.
 * Deleted the deprecated `VariableReferencePattern` class, use `ReferencePattern` instead.
 * Deleted all deprecated aliases in `StandardLibrary.qll`, use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead.
 * Support for the `sequel` gem has been added. Method calls that execute queries against a database that may be vulnerable to injection attacks will now be recognized.
 * Support for the `mysql2` gem has been added. Method calls that execute queries against an MySQL database that may be vulnerable to injection attacks will now be recognized.
 * Support for the `pg` gem has been added. Method calls that execute queries against a PostgreSQL database that may be vulnerable to injection attacks will now be recognized.
 ## 0.6.2
 ### Minor Analysis Improvements
--- a/ruby/ql/lib/change-notes/2023-05-06-mysql2.md
+++ b/ruby/ql/lib/change-notes/2023-05-06-mysql2.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Support for the `mysql2` gem has been added. Method calls that execute queries against an MySQL database that may be vulnerable to injection attacks will now be recognized.
--- a/ruby/ql/lib/change-notes/2023-05-06-pg.md
+++ b/ruby/ql/lib/change-notes/2023-05-06-pg.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Support for the `pg` gem has been added. Method calls that execute queries against a PostgreSQL database that may be vulnerable to injection attacks will now be recognized.
--- a/ruby/ql/lib/change-notes/2023-05-07-sequel.md
+++ b/ruby/ql/lib/change-notes/2023-05-07-sequel.md
@@ -1,4 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Support for the `sequel` gem has been added. Method calls that execute queries against a database that may be vulnerable to injection attacks will now be recognized.
--- a/ruby/ql/lib/change-notes/2023-06-02-delete-deps.md
+++ b/ruby/ql/lib/change-notes/2023-06-02-delete-deps.md
@@ -1,7 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Deleted many deprecated predicates and classes with uppercase `URL`, `XSS`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `getValueText` predicate from the `Expr`, `StringComponent`, and `ExprCfgNode` classes. Use `getConstantValue` instead.
 * Deleted the deprecated `VariableReferencePattern` class, use `ReferencePattern` instead.
 * Deleted all deprecated aliases in `StandardLibrary.qll`, use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead.
--- a/ruby/ql/lib/change-notes/released/0.6.3.md
+++ b/ruby/ql/lib/change-notes/released/0.6.3.md
@@ -0,0 +1,11 @@
 ## 0.6.3
 ### Minor Analysis Improvements
 * Deleted many deprecated predicates and classes with uppercase `URL`, `XSS`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `getValueText` predicate from the `Expr`, `StringComponent`, and `ExprCfgNode` classes. Use `getConstantValue` instead.
 * Deleted the deprecated `VariableReferencePattern` class, use `ReferencePattern` instead.
 * Deleted all deprecated aliases in `StandardLibrary.qll`, use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead.
 * Support for the `sequel` gem has been added. Method calls that execute queries against a database that may be vulnerable to injection attacks will now be recognized.
 * Support for the `mysql2` gem has been added. Method calls that execute queries against an MySQL database that may be vulnerable to injection attacks will now be recognized.
 * Support for the `pg` gem has been added. Method calls that execute queries against a PostgreSQL database that may be vulnerable to injection attacks will now be recognized.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.6.3-dev
+version: 0.6.3
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
 ## 0.6.3
 ### Minor Analysis Improvements
 * Fixed a bug that would occur when an `initialize` method returns `self` or one of its parameters.
  In such cases, the corresponding calls to `new` would be associated with an incorrect return type.
  This could result in inaccurate call target resolution and cause false positive alerts.
 * Fixed an issue where calls to `delete` or `assoc` with a constant-valued argument would be analyzed imprecisely,
  as if the argument value was not a known constant.
 ## 0.6.2
 No user-facing changes.
--- a/ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md
+++ b/ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md
@@ -1,5 +0,0 @@
 ---
 category: minorAnalysis
 ---
 * Fixed an issue where calls to `delete` or `assoc` with a constant-valued argument would be analyzed imprecisely,
  as if the argument value was not a known constant.
--- a/ruby/ql/src/change-notes/2023-05-26-super-and-flow-through.md
+++ b/ruby/ql/src/change-notes/2023-05-26-super-and-flow-through.md
@@ -1,6 +1,9 @@
---
+## 0.6.3
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Fixed a bug that would occur when an `initialize` method returns `self` or one of its parameters.
  In such cases, the corresponding calls to `new` would be associated with an incorrect return type.
  This could result in inaccurate call target resolution and cause false positive alerts.
 * Fixed an issue where calls to `delete` or `assoc` with a constant-valued argument would be analyzed imprecisely,
  as if the argument value was not a known constant.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.6.3-dev
+version: 0.6.3
 groups: 
  - ruby
  - queries
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.0.14
 No user-facing changes.
 ## 0.0.13
 No user-facing changes.
--- a/shared/regex/change-notes/released/0.0.14.md
+++ b/shared/regex/change-notes/released/0.0.14.md
@@ -0,0 +1,3 @@
 ## 0.0.14
 No user-facing changes.
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.13
+lastReleaseVersion: 0.0.14
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.0.14-dev
+version: 0.0.14
 groups: shared
 library: true
 dependencies:
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.0.18
 No user-facing changes.
 ## 0.0.17
 No user-facing changes.
--- a/shared/ssa/change-notes/released/0.0.18.md
+++ b/shared/ssa/change-notes/released/0.0.18.md
@@ -0,0 +1,3 @@
 ## 0.0.18
 No user-facing changes.
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.17
+lastReleaseVersion: 0.0.18
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`---`	`---`
	`lastReleaseVersion: 0.7.2`	`lastReleaseVersion: 0.7.3`